CN110941572A - System and method for flexible writing of internal data of a supervised system - Google Patents


Info

Publication number
CN110941572A
Authority
CN
China
Prior art keywords
data store
data
writer
communication
unauthorized
Legal status
Granted
Application number
CN201910905289.4A
Other languages
Chinese (zh)
Other versions
CN110941572B (en)
Inventor
约阿希姆·卡尔·乌尔夫·霍克瓦特
安东尼奥·卢戈·特雷霍
维克托·马里奥·莱亚尔·赫雷拉
特勒尔·李·布雷斯
克里斯蒂安·雷诺兹·德克尔
Current Assignee
GE Aviation Systems LLC
Original Assignee
GE Aviation Systems LLC

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 12/00 Accessing, addressing or allocating within memory systems or architectures
    • G06F 12/14 Protection against unauthorised use of memory or access to memory
    • G06F 12/1458 Protection against unauthorised use of memory or access to memory by checking the subject access rights
    • G06F 3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F 3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F 3/0601 Interfaces specially adapted for storage systems
    • G06F 3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F 3/062 Securing storage systems
    • G06F 3/0622 Securing storage systems in relation to access
    • G06F 13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F 13/10 Program control for peripheral devices
    • G06F 13/12 Program control for peripheral devices using hardware independent of the central processor, e.g. channel or peripheral processor
    • G06F 13/124 Program control for peripheral devices using hardware independent of the central processor, e.g. channel or peripheral processor where hardware is a sequential transfer control unit, e.g. microprocessor, peripheral processor or state-machine
    • G06F 13/126 Program control for peripheral devices using hardware independent of the central processor, e.g. channel or peripheral processor where hardware is a sequential transfer control unit, e.g. microprocessor, peripheral processor or state-machine and has means for transferring I/O instructions and statuses between control unit and main processor
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/604 Tools and structures for managing or administering access control systems
    • G06F 3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F 3/0655 Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
    • G06F 3/0668 Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F 3/0671 In-line storage system
    • G06F 3/0673 Single storage device
    • G08 SIGNALLING
    • G08G TRAFFIC CONTROL SYSTEMS
    • G08G 5/00 Traffic control systems for aircraft, e.g. air-traffic control [ATC]
    • G08G 5/0017 Arrangements for implementing traffic-related aircraft activities, e.g. arrangements for generating, displaying, acquiring or managing traffic information
    • G08G 5/0021 Arrangements for implementing traffic-related aircraft activities, e.g. arrangements for generating, displaying, acquiring or managing traffic information located in the aircraft


Abstract

A system and method for flexibly writing internal data of a supervised system may include generating flexible write instructions, providing the flexible write instructions to the supervised system, and storing or submitting data changes to the supervised system outside of normal system operation at runtime.

Description

System and method for flexible writing of internal data of a supervised system
Cross Reference to Related Applications
This application claims priority to and the benefit of U.S. provisional application No. 62/735,885, filed September 25, 2018, which is incorporated herein in its entirety.
Technical Field
The present disclosure relates to a method and apparatus for flexibly writing internal data, particularly unauthorized data, to a data store of a supervised system.
Background
Modern aircraft employ sophisticated flight management systems that process and control a large amount of important data for the aircraft. Currently, in order to access (e.g., read or write) internal data of the flight management system, an interface defined at the time of software compilation is required. However, due to certification requirements and security issues, changing or modifying this access interface requires additional testing and re-certification. Access interfaces can be difficult and costly to modify due to additional testing and re-certification requirements. Typically, these interfaces undergo many changes throughout the development process, but are too expensive to change once the system is put into service.
Disclosure of Invention
In one aspect, the present disclosure is directed to a system for runtime write access to data of a supervised system, comprising: a data store having limited write access; an authorized writer communicatively coupled with the data store and authorized to have write access to the data store by generating a runtime instruction communication conveyed from the authorized writer to the data store, the runtime instruction communication defining authorized data to write to the data store; and a flexible writer that is not authorized to have write access to the data store and that is adapted to receive unauthorized data input, the flexible writer communicatively coupled with the authorized writer. The flexible writer is configured to: instruct the authorized writer to generate the runtime instruction communication; and replace the runtime instruction communication with the unauthorized data input during transport from the authorized writer to the data store, thereby committing the unauthorized data input to the data store.
In another aspect, the present disclosure is directed to a method of writing an unauthorized parameter to a write-access-restricted data store of a supervised system at runtime, the method comprising: receiving, by a flexible writer function that is not authorized to write to the data store, an unauthorized parameter; instructing, by the flexible writer function, an authorized writer function to generate a runtime instruction communication authorized to be written to the data store; replacing the runtime instruction communication with a replacement communication comprising the unauthorized parameter during transport from the authorized writer function to the data store; and executing the replacement communication, writing the unauthorized parameter to the data store.
Drawings
In the drawings:
FIG. 1 illustrates an overhead schematic view of an aircraft in accordance with various aspects described herein.
FIG. 2 illustrates an example schematic diagram of a system for flexible writing of internal data in accordance with various aspects described herein.
FIG. 3 illustrates an example schematic diagram of a computing device in accordance with various aspects described herein.
Detailed Description
Aspects of the present disclosure may be implemented in any environment, apparatus, system, or method having supervised, authorized, or otherwise restricted "write access" rights to a memory or data storage component. As used herein, "write access" means the availability or authorization to commit a change to a memory location, the change being the storage or rewriting of data, values, commands, instructions or any other data, elements or identifiers to the memory location, regardless of the function being performed by the data, elements or identifiers, and regardless of the function or implementation of the environment, apparatus, system or method. Collectively, "accessing" data may refer to reading, viewing, or otherwise receiving data from a data store, to "writing" data as described above, or a combination thereof. As used herein, a "supervised" system is a system with restrictions on access, such as write access to data or values of the system, whereby only approved or authorized entities, parties, functions, etc. are enabled or otherwise allowed to access the supervised or restricted elements. In one non-limiting example, only a single authorized function may have write access to a particular data element.
While a "set" of various elements will be described, it should be understood that a "set" can include any number of the corresponding elements, including only one element. Also as used herein, although an element or component may be described as "sensing" or "measuring" a corresponding value, data, function, or the like, sensing or measuring may include determining a value indicative of or related to the corresponding value, data, function, or the like, rather than directly sensing or measuring the value, data, function, or the like itself. Sensed or measured values, data, functions, etc. may further be provided to additional components. For example, a value may be provided to a controller module or processor, and the controller module or processor may perform processing on the value to determine a representative value or electrical characteristic representative of the value, data, function, or the like.
Connection references (e.g., attached, coupled, connected, and engaged) are to be construed broadly and may include intermediate members between a collection of elements and relative movement between elements unless otherwise indicated. Thus, joinder references do not necessarily imply that two elements are directly connected and in fixed relation to each other. In a non-limiting example, the connection or disconnection may be selectively configured to provide, enable, disable, etc., electrical connections between the various elements. Non-limiting example power distribution bus connections or disconnections may be enabled or operated by switching logic or any other connector configured to enable or disable connections between respective elements or components.
As used herein, a "system" or "controller module" may include at least one processor and memory. Non-limiting examples of memory may include Random Access Memory (RAM), Read Only Memory (ROM), flash memory, or one or more different types of portable electronic memory, such as a disk, DVD, CD-ROM, etc., or any suitable combination of these types of memory. The processor may be configured to execute any suitable program or executable instructions designed to perform various methods, functions, processing tasks, calculations, etc. to enable or implement the operations or operations of the techniques described herein. The program may comprise a computer program product which may include a machine-readable medium for carrying or having machine-executable instructions or data structures stored thereon. Such machine-readable media can be any available media that can be accessed by a general purpose or special purpose computer or other machine with a processor. Generally, such computer programs may include routines, programs, objects, components, data structures, algorithms, etc., that have the technical effect of performing particular tasks or implementing particular abstract data types.
As used herein, a "data store" may include data values stored in a memory, where the data values are write-accessible only by a single function, program, entity, etc. (the "writer"). Write-accessibility of the data store may be managed or otherwise regulated by digital security mechanisms understood by those skilled in the art. While only one writer has write-access to the data store, the data store may have multiple functions, programs, or entities with read access to read, view, or otherwise receive data in a unidirectional relationship. In contrast to a data store, a "data store queue" may include a data value or set of data values stored in a memory, where the data values are write-accessible by a set of one or more functions, programs, entities, etc. Write-accessibility of the data store queue may likewise be managed or otherwise regulated by digital security mechanisms understood by those skilled in the art. In addition, a data store queue may have a single function, program or entity with read-access only, to read, view or otherwise receive data in a unidirectional relationship. In a non-limiting example, the read operation may be "one-time" or destructive (e.g., removing data after an access operation).
Reference will now be made in detail to aspects of the present disclosure, one or more non-limiting examples of which are illustrated in the accompanying drawings. Each example is provided by way of explanation, not limitation, of the disclosure. In fact, it will be apparent to those skilled in the art that various modifications and variations can be made in the present disclosure without departing from the scope or spirit of the disclosure. Thus, it is intended that the present disclosure cover the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents.
Example aspects of the present disclosure relate to systems and methods that enable flexible access to internal data of a supervised system (e.g., an avionics system). Non-limiting examples of avionics systems may include, but are not limited to, Flight Management Systems (FMS), Airport Surface Map Systems (ASMS), and the like. In particular, an interface defined at software compile time is typically required to access internal data from the FMS. However, changing or modifying the access interface requires modification of the source code and recompilation, which increases cost and the verification and testing burden. This is especially true when internal data access is used in software testing. Creating multiple versions of a compiler can be very expensive and difficult to maintain. Due to these additional testing and re-certification requirements, the access interface may be difficult and costly to change. It is therefore an advantage of the disclosed aspects to provide a method and system that enables flexible write-access to internal data of write-access-throttled or otherwise restricted supervised systems, such as avionics systems or an FMS.
Aspects of the present disclosure provide a technique for selecting, customizing, or otherwise flexibly defining data entered or received by an avionics system at runtime. In particular, in some embodiments, the system of the present disclosure may include a configuration tool that enables a system operator to select (e.g., via a user interface) which data thereafter is input or received by or otherwise provided from the avionics system at runtime for storage in or writing to memory.
Accordingly, aspects of the present disclosure provide a technique for customizing or otherwise defining data, values, parameters, etc. that are received by and submitted to or written to memory in a data storage unit of a supervised system (e.g., an avionics system) at runtime. In addition, aspects of the present disclosure enable enhanced, flexible, and robust editing, modification, or updating of flight test data, testing, debugging, and analysis of problems in service. In yet another example, aspects of the present disclosure may provide or enable an "open" or accessible interface to third party applications running on or outside of the embedded system to interact with the system (e.g., embedded advanced Interval management (A-IM) applications or applications running on an Electronic Flight Bag (EFB)).
Although example aspects of the present disclosure are discussed with reference to avionics systems such as FMS, the subject matter described herein may be used or applied to provide flexible access to internal data of other systems, vehicles, machines, industrial or mechanical assets, or components without departing from the scope of the present disclosure.
The exemplary drawings are for illustrative purposes only, and the dimensions, locations, order and relative sizes reflected in the drawings may vary.
Referring now to FIG. 1, an exemplary aircraft 10 is illustrated having a fuselage and at least one turbine engine, shown as a left engine system 12 and a right engine system 14. The left engine system 12 and the right engine system 14 may be substantially identical. Although turbine engines 12,14 are shown, the aircraft 10 may include fewer or additional engine systems, or alternative propulsion engine systems, such as propeller-based engines.
The illustrated aircraft 10 also includes a plurality of sensors, systems and components (collectively referred to as Line Replaceable Units (LRUs) 16,18) and at least one server 20 or computing unit, shown as two flight management systems or flight control computers, located proximate to each other near the nose of the aircraft 10. At least one of the servers 20 may also include a memory.
The LRUs 16,18 and the server 20 may be communicatively interconnected by transmission or communication lines defining a data communication network 22, the data communication network 22 traversing at least a portion of the aircraft 10. Additional LRUs 16,18 may be included. Although a server 20 is described, aspects of the present disclosure may include any computing system, flight computer, or display system that displays data from multiple systems.
The memory of server 20 may include Random Access Memory (RAM), flash memory, or one or more different types of portable electronic memory, or the like, or any suitable combination of these types of memory. The LRUs 16,18 or the server 20 may be operatively coupled with the memory such that at least a portion of the memory (e.g., "shared memory") may be accessed by the LRUs 16,18 or the server 20 or any computer program or process thereon.
The aircraft 10 shown in fig. 1 is merely a schematic illustration of one non-limiting example environment of the present disclosure and serves to illustrate that multiple LRUs 16,18 and servers 20 may be located throughout the aircraft 10. The exact location of the LRUs 16,18 and servers 20 is not germane to aspects of the present disclosure. Additionally, more or fewer LRUs 16,18 or servers 20 may be included in aspects of the present disclosure.
The communication network 22 is shown schematically as a bus, but may include a plurality of data communication connectors and interfaces, such as ethernet or fiber optic cables, as well as routing or switching elements to facilitate communication interconnection between the LRUs 16,18 and the server 20. Further, the configuration and operation of communication network 22 may be defined by a common set of standards or rules applicable to a particular aircraft environment. For example, the communication network 22 on the aircraft 10 may be defined or configured by the ARINC 664 (A664) standard, the ARINC 429 (A429) standard or the ARINC 653 (A653) standard.
Fig. 2 illustrates a system 30 for providing flexible write-access to internal data of a supervised system. As shown, the system 30 may include a set of environments that schematically illustrate interaction with each other. The system 30 may include a programming environment 32, the programming environment 32 having a programming editor 40 interface for encoding, editing, or otherwise developing source code 42 for a supervised system. Non-limiting examples of programming environment 32 may include a first data store (shown as "source code database" 44) for storing source code elements, encoded data, revision history, and the like. The programming environment 32 may also include a second data store for storing information relating to and for operation of the supervised system. For example, the second data store may include a set of supervised system data variable definitions, shown as "data store" or "data store queue" definition information 46. In one non-limiting example, the data store definition information may be developed or otherwise identified by a configuration tool function (hereinafter "configuration tool" 43).
The system 30 may also include a flexible writer environment 34 that may include an authorized parameter writer interface 52 adapted or configured to receive input parameters 54 and generate, via a request generator 56, write request instructions for updating, writing, storing, or committing the input parameters 54 to memory in the supervised system. As used herein, "flexible" indicates that the various components are user accessible to introduce or inject a particular action (such as a functional action, including but not limited to a write function) into the system 30. In this sense, they are independent, externally introduced actions that are not initiated by the system 30, but may include embodiments that use functional elements of the system 30.
The illustrated system 30 further includes a supervised system environment 36, which includes or defines a supervised system 60, as one non-limiting example. In one non-limiting example, the supervised system 60 may include an FMS. Supervised system 60 may include a set of data store queues 62, a set of data stores 64, a flexible writer function 72, and an authorized writer 66, including an authorized writer function 68. As used herein, an "authorized" writer 66 or "authorized" writer function 68 is a representative single function, program or entity that has write-access to the illustrated representative data store 64. In contrast to authorized writer 66 or authorized writer function 68, a "flexible" writer function 72 is configured to autonomously or independently (and outside of normal operations or instructions of supervised system 60) generate write-access commands to update data, values, etc. in a respective data store queue 62 or data store 64, as described herein.
While programming environment 32, flexible writer environment 34, and supervised system environment 36 are illustrated in close proximity to one another in system 30, it will be understood that temporal or physical separation occurs between the respective environments 32,34,36 in non-limiting aspects of the present disclosure. For example, programming environment 32 is likely to be used well before supervised system 60 is deployed in any other environment (e.g., an FMS of an aircraft). Similarly, flexible writer environment 34 may include mobile development components, such as mobile electronic devices (laptops, tablets, etc.), which may be transportable relative to an otherwise fixed supervised system 60 (e.g., one "fixed" relative to a particular aircraft). Additionally, it should be understood that each respective environment 32,34,36 may include a respective interface for utilizing that environment, including, but not limited to, a user interface (e.g., a graphical user interface, an interactive device such as a mouse) and a connection interface (universal serial bus, ethernet communication port, etc.).
During programming activities (e.g., in programming environment 32), configuration tool 43 may include or otherwise maintain prior knowledge of the data in the set of data stores 64, data store queues 62, platform environment, processors, etc. of the supervised system 60 under development. In response to the development of supervised system source code 42, programming editor 40 or configuration tool 43 may generate one or more loadable configuration files, shown as definition file 48 and definition data file 50. In some embodiments, the configuration tool 43 or other system component may be configured or adapted to parse the supervised system source code 42 (or a derivative thereof) to provide a list of all available data store queues 62 or data stores 64. The definition file 48 or the definition data file 50 may, collectively or individually, identify for the data-writing components the avionics system's data stores, data store queues, or a combination thereof. For example, in one non-limiting example, the definition file 48 may contain the general memory layout of an embedded system, while the definition data file 50 may also contain data types and variable names to make it easier to define the input parameters 54. In a non-limiting example, the data-writing components may include the flexible writer environment 34, the authorized parameter writer interface 52, the request generator 56, the flexible writer function 72, or a subset thereof.
In some embodiments, in addition to the supervised system source code 42, the configuration tool 43 may analyze or otherwise use one or more binary object files of the supervised system 60 to determine the memory layout of the system 60. For example, the compiler may selectively create context clauses (which may also be referred to as presentation specifications). This context clause may contain a table describing the memory layout. In addition to the supervised system source code 42 (which may still be used to determine the dependencies of the nested data structures), the configuration tool 43 may also use context clauses as input. Based on the target processor architecture (e.g., the processor implementing the supervised system 60), the configuration tool 43 also knows byte alignment and byte order to adjust the offsets in the loadable configuration files 48, 50.
As shown, in some non-limiting aspects, the definition data file 50 may include additional information for each identified data store, data store queue, and the like. The additional information may include, but is not limited to, offset, size, parameters, and the like. In some embodiments, definition file 48 or definition data file 50 may specify certain groups of data (e.g., a particular data store 64 or a particular data store queue 62) that may be written to or overwritten at runtime of supervised system 60.
In some embodiments, in addition to specifying a data store or data store queue definition or data file, loadable configuration files 48,50 may also specify particular data entries (e.g., parameters) within a particular data store queue 62 or data store 64. The loadable configuration files 48,50 may provide instructions (e.g., offset, type, size, etc.) as to how many bytes to write for the write-access command. For example, the offset may describe the number of bytes from the beginning of the data store 64 at which a particular data item starts; the size may describe the number of bytes occupied by the particular data item; and the type may define how to interpret those bytes.
In particular, loadable configuration files 48,50 may also provide for or enable an authorized parameter writer 52 or flexible writer function 72 to decode or encode parameter data to be written to data store queue 62 or data store 64. For example, the encoded parameter data to be written to the data store queue 62 or the data store 64 may be a set of serialized data (e.g., serialized bytes). Authorized parameter writer 52 or flexible writer function 72 may encode the serialized data based on the information contained in loadable configuration files 48,50.
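The offset/size/type encoding that the loadable configuration files drive, worked through in Python as an added example (not the patent's or GE Aviation Systems' code); the definition-data table, variable names, type codes and byte-order choice are constructed assumptions, since the page gives no concrete file format.

```python
"""Config-driven encoding of input parameters into serialized write payloads.

Added example, not code from the patent or GE Aviation Systems. The
definition-data table is a constructed stand-in for loadable configuration
files 48/50 (the page gives no file format); variable names, sizes and the
u16/i16/u32/f32 type codes are assumptions."""
import struct
from dataclasses import dataclass

# Constructed definition data: store, variable, byte offset from the start of
# the store, size in bytes, type code, and whether the loadable configuration
# permits the variable to be overwritten at runtime.
DEFINITION_DATA = """\
# store,variable,offset,size,type,runtime_writable
FMS_NAV,cruise_altitude_ft,0,4,u32,yes
FMS_NAV,cost_index,4,2,u16,yes
FMS_NAV,wind_component_kts,6,2,i16,yes
FMS_NAV,image_checksum,8,4,u32,no
"""

# struct format characters for the assumed type codes (standard sizes)
STRUCT_CODES = {"u8": "B", "i8": "b", "u16": "H", "i16": "h",
                "u32": "I", "i32": "i", "f32": "f"}


@dataclass(frozen=True)
class VariableDef:
    store: str
    name: str
    offset: int
    size: int
    type_code: str
    runtime_writable: bool


def parse_definition_data(text):
    """Parse the table into {(store, variable): VariableDef}, rejecting
    unknown types, duplicates, and sizes that disagree with the type."""
    defs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        store, name, offset, size, type_code, writable = (f.strip() for f in line.split(","))
        if type_code not in STRUCT_CODES:
            raise ValueError(f"unknown type {type_code!r} for {store}.{name}")
        size = int(size)
        if struct.calcsize("<" + STRUCT_CODES[type_code]) != size:
            raise ValueError(f"size {size} does not match type {type_code} for {store}.{name}")
        if (store, name) in defs:
            raise ValueError(f"duplicate definition for {store}.{name}")
        defs[(store, name)] = VariableDef(store, name, int(offset), size, type_code, writable == "yes")
    return defs


def encode_write(defs, store, name, value, byte_order="<"):
    """Return (offset, payload) for writing `value` to store.name.

    byte_order is "<" (little-endian) or ">" (big-endian), picked from the
    target processor architecture as the configuration tool would. Variables
    not runtime-writable, and values that do not fit the type, are refused."""
    if byte_order not in ("<", ">"):
        raise ValueError("byte_order must be '<' or '>'")
    var = defs[(store, name)]
    if not var.runtime_writable:
        raise PermissionError(f"{store}.{name} is not runtime-writable")
    try:
        payload = struct.pack(byte_order + STRUCT_CODES[var.type_code], value)
    except struct.error as exc:
        raise ValueError(f"{value!r} does not fit {var.type_code} for {store}.{name}") from exc
    return var.offset, payload


def apply_write(image, offset, payload):
    """Apply a payload to a bytearray image of the store, bounds-checked."""
    end = offset + len(payload)
    if offset < 0 or end > len(image):
        raise ValueError(f"write [{offset}, {end}) exceeds {len(image)}-byte store")
    image[offset:end] = payload
    return image
```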
At runtime (which may include runtime operation of the aircraft, or, for example, test-based or maintenance-based "runtime" of the supervised system 60), a user, function, system, or program may require a change in a parameter value of the data store queue 62 or data store 64. Such "flexible" changes to parameter values may be accomplished by the system 30 described herein.
For example, a user, function, system, or program may access flexible writer environment 34 to generate a request to update or otherwise write or rewrite a particular parameter (or set of parameters) indicated by input parameters 54. The corresponding request is generated by request generator 56, encoded or informed by loadable configuration files 48,50, and provided to supervised system 60 or flexible writer function 72 via communication 58.
If the requested parameter update points to a parameter in data store queue 62, flexible writer function 72 may proceed to generate a write-access command (also encoded or informed by loadable configuration files 48,50) directly to data store queue 62 via communication 74. This assumes that flexible writer function 72 is one of the plurality of writers with write-access to data store queue 62. In another non-limiting example, flexible writer function 72 may potentially supplement the data communicated via communication 58 (e.g., a runtime-generated event index or context data communicated from an aerial database) with system-internal context data that may not be known to external entities.
If the requested parameter update is directed to a parameter in data store 64, flexible writer function 72 cannot directly update data store 64 because flexible writer function 72 is not a single writer with write-access to the data store (the single writer is shown as authorized writer 66). In this case, flexible writer function 72 may generate a command to authorized writer 66 via communication 76. In response, authorization writer 66 may instruct or generate write-accessible instructions, shown as instruction communication 70, through authorization writer functionality 68. The flexible writer function 72 may also be configured or adapted to intercept the authorization instruction communication 70 with another communication 78 (instruction communication 70 in an intercept block 80 is schematically shown), and instead, inject or otherwise update the authorization instruction communication 70 to include the requested parameter update of the data store 64. In one non-limiting example, the authorization instruction communication 70 may be further encoded or notified of a replacement, injected or otherwise updated by the loadable configuration files 48, 50. The updated authorization instructions, which are in communication with the requested parameter update, are then transferred to the data store 64, where the modified authorized write-access instructions are executed, or otherwise written, to memory.
Each of configuration tool 43, programming environment 32, flexible writer environment 34, flexible writer function 72, or supervised system 60, or components thereof, may be implemented by one or more computing devices, schematically represented in fig. 3. As shown, computing device 110 may be referred to as a controller module or microcontroller. Computing device 110 may be standalone or may be embedded in a computing system or environment 32, 34, 36. In another non-limiting example, a corresponding component, such as flexible writer environment 34, may be located on, or be a subcomponent of, another vehicle or aircraft.
Computing device 110 may include one or more processors 112 and memory 114. The one or more processors 112 may be any suitable processing device, including but not limited to a processor core, microprocessor, Application Specific Integrated Circuit (ASIC), Field Programmable Gate Array (FPGA), controller, microcontroller, controller module, or the like. In another non-limiting example, the one or more processors 112 may include operatively connected processors or processor execution cores. The memory 114 may include one or more non-transitory computer-readable storage media, such as RAM, ROM, EEPROM, EPROM, flash memory devices, a disk, etc., or a combination thereof. Memory 114 may store data 116, such as data store 64 or data store queue 62. The memory 114 may also store instructions 118 that are executed by the processor 112 to perform the operations or functions described in the present disclosure.
One advantage of the present disclosure is that it enables truly configurable and dynamic write access to data without requiring recompilation and re-certification of aircraft systems (e.g., flight management systems).
The techniques discussed herein refer to servers, databases, software applications and other computer-based systems, and the actions taken and information sent to and from these systems. Those of ordinary skill in the art will recognize that the inherent flexibility of computer-based systems allows for a variety of possible configurations, combinations, and divisions of tasks and functions between and among components. For example, the server processes discussed herein may be implemented using a single server or multiple servers operating in combination. Databases and applications may be implemented on a single system or distributed across multiple systems. The distributed components may operate sequentially or in parallel.
To the extent not already described, the different features and structures of the various aspects may be used in combination with each other as desired. That a feature is not illustrated in every aspect is not meant to be construed as meaning it cannot be, but is done for brevity of description. Thus, various features of different aspects may be mixed and matched as desired to form new aspects, whether or not the new aspects are explicitly described. The present disclosure encompasses combinations or permutations of the features described herein.
For example, in accordance with the present disclosure, when writing to data store queue 62 or data store 64, a feedback mechanism may also be included so that a writer (e.g., authorized parameter writer 52, flexible writer function 72, or a combination thereof) can confirm that the write was successful. This may occur at runtime, for example for deterministic (automatic) testing. In another non-limiting example, the feedback mechanism may include a notification to or for the writer when a user of data store queue 62 actually reads the requested data or event change. In yet another non-limiting example, a bidirectional data store queue 62 may support external access (e.g., from outside supervised system 60) to read the requested data or event change and so confirm that the write has occurred.
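An added worked model of this write path in Python, not code from the patent: it covers the configuration-driven serialization of parameter data, the routing of a data store 64 update through authorized writer 66 with interception of instruction communication 70, and the feedback check just described. The parameter names, offsets and struct formats are constructed, and the modelled data store checks only the origin of a communication, which is the assumption the clauses below make explicit.

```python
import struct
from dataclasses import dataclass
# Constructed loadable configuration standing in for files 48, 50: it maps each
# parameter name to its byte offset and struct format inside the data store.
LOADABLE_CONFIG = {
    "cruise_altitude_ft": {"offset": 0, "fmt": "<I"},
    "fuel_flow_kg_h": {"offset": 4, "fmt": "<d"},
}

def encode_parameter(name, value):
    """Serialize a parameter value into bytes as the configuration prescribes."""
    spec = LOADABLE_CONFIG[name]
    return spec["offset"], struct.pack(spec["fmt"], value)

@dataclass
class InstructionCommunication:  # runtime instruction communication 70
    origin: str
    offset: int
    payload: bytes

class DataStore:
    """Data store 64: write access restricted to a single authorized writer."""
    def __init__(self, size, authorized_writer):
        self.memory = bytearray(size)
        self.authorized_writer = authorized_writer
        self.write_log = []  # feedback mechanism: every committed (offset, length)

    def execute(self, comm):
        # The store's only check is the origin of the communication (clauses 15
        # and 16 below); the payload itself is not inspected.
        end = comm.offset + len(comm.payload)
        if comm.origin != self.authorized_writer or end > len(self.memory):
            return False
        self.memory[comm.offset:end] = comm.payload
        self.write_log.append((comm.offset, len(comm.payload)))
        return True

    def read(self, name):
        spec = LOADABLE_CONFIG[name]
        size = struct.calcsize(spec["fmt"])
        return struct.unpack(spec["fmt"], self.memory[spec["offset"]:spec["offset"] + size])[0]

class AuthorizedWriter:
    """Authorized writer 66 with its writer function 68."""
    NAME = "authorized_writer_66"
    def __init__(self, store):
        self.store = store
        self.intercept = None  # hook for communication 78 / intercept block 80

    def write(self, name, value):
        offset, payload = encode_parameter(name, value)
        comm = InstructionCommunication(self.NAME, offset, payload)
        if self.intercept is not None:
            comm = self.intercept(comm)  # communication 70 replaced in transit
        return self.store.execute(comm)

class FlexibleWriter:
    """Flexible writer function 72: has no write access of its own to the store."""
    NAME = "flexible_writer_72"
    def __init__(self, store, authorized):
        self.store, self.authorized = store, authorized

    def update(self, name, value):
        """Route the update through the authorized writer, then confirm via feedback."""
        offset, payload = encode_parameter(name, value)
        def replace(comm):  # keep the authorized origin, substitute the requested data
            return InstructionCommunication(comm.origin, offset, payload)
        self.authorized.intercept = replace
        try:
            # Communication 76: the authorized writer generates a write of the
            # current value; the intercept swaps in the requested value in transit.
            committed = self.authorized.write(name, self.store.read(name))
        finally:
            self.authorized.intercept = None
        return committed and self.store.read(name) == value  # feedback check
```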
This written description uses examples to disclose aspects of the disclosure, including the best mode, and also to enable any person skilled in the art to practice aspects of the disclosure, including making and using any devices or systems and performing any incorporated methods. The patentable scope of the disclosure is defined by the claims, and may include other examples that occur to those skilled in the art. Such other examples are intended to be within the scope of the claims if they have structural elements that do not differ from the literal language of the claims, or if they include equivalent structural elements with insubstantial differences from the literal languages of the claims.
Further aspects of the invention are provided by the subject matter of the following clauses:
1. A system for runtime write access to data of a supervised system, comprising: a data store having limited write access; an authorized writer communicatively coupled with the data store and authorized to have write access to the data store by generating a runtime instruction communication conveyed from the authorized writer to the data store, the runtime instruction communication defining authorized data to write to the data store; and a flexible writer that is not authorized to have write access to the data store and that is adapted to receive unauthorized data input, the flexible writer communicatively coupled with the authorized writer and configured to: instruct the authorized writer to generate the runtime instruction communication; and replace the runtime instruction communication with the unauthorized data input during transport from the authorized writer to the data store to commit the unauthorized data input to the data store.
2. The system of any preceding item, wherein the supervised system is an avionics system.
3. The system of any of the preceding items, wherein the avionics system is at least one of a flight management system or an airport surface map system.
4. The system of any preceding item, wherein the system is a test system, a debug system, or an analysis system.
5. The system of any preceding clause, wherein the unauthorized data input comprises flight test data of the supervised system.
6. The system of any preceding item, wherein the system is a programming development system.
7. The system of any preceding item, further comprising a loadable configuration file defining write access instructions for the data store.
8. The system of any preceding clause, wherein the flexible writer is further configured to receive the loadable configuration file and to form a replacement runtime instruction communication that includes the unauthorized data input, based on the write access instructions for the data store.
9. The system of any preceding clause, wherein the flexible writer is further configured to form the replacement runtime instruction communication by encoding the data input according to the write access instructions for the data store.
10. The system of any preceding clause, wherein the unauthorized data input is a supervised system parameter, and the flexible writer is configured to overwrite the supervised system parameter by means of the replacement runtime instruction communication.
11. The system according to any of the preceding clauses, wherein the supervised system is supervised by at least one of the ARINC 664 standard, the ARINC 429 standard, or the ARINC 653 standard.
12. A method of writing an unauthorized parameter to a write-access-restricted data store of a runtime supervised system, the method comprising: receiving, by a flexible writer function that is not authorized to write to the data store, the unauthorized parameter; instructing, by the flexible writer function, an authorized writer function to generate a runtime instruction communication authorized to write to the data store; replacing the runtime instruction communication with a replacement communication comprising the unauthorized parameter during transport from the authorized writer function to the data store; and executing the replacement communication and writing the unauthorized parameter to the data store.
13. The method of any preceding clause, wherein the data store comprises a predefined parameter memory access, and wherein replacing the runtime instruction communication comprises encoding the unauthorized parameter according to a data store configuration file of write instructions that informs the predefined parameter memory access.
14. The method of any preceding clause, wherein replacing the runtime instruction communication comprises at least one of: modifying the runtime instruction communication to include the unauthorized parameter, injecting the unauthorized parameter into the runtime instruction communication, or intercepting the runtime instruction communication.
15. The method of any preceding clause, wherein executing the replacement communication comprises executing the replacement communication based at least on an assumption that the replacement communication is an authorized communication.
16. The method of any preceding clause, wherein the assumption that the replacement communication is an authorized communication is based at least on the replacement communication originating from the authorized writer function.
17. A system for updating write-access-restricted parameters in a runtime supervised avionics system with an unauthorized writer, the system comprising: a data store having write access restricted to a single authorized writer different from the unauthorized writer; the unauthorized writer having a request generator configured to generate an unauthorized write request including an updated parameter value, and being communicatively connected with the supervised avionics system; and a flexible writer function of the supervised avionics system, the flexible writer function configured to receive the unauthorized write request and instruct the single authorized writer to generate a runtime instruction communication authorized to write to the data store, and configured to replace the runtime instruction communication generated by the single authorized writer with a modified runtime instruction communication including the updated parameter value, whereby the data store receives the modified runtime instruction communication and commits the updated parameter value to the data store.
18. The system of any preceding item, wherein the system is a test system, a debug system, or an analysis system.
19. The system of any preceding item, wherein the updated parameter values comprise flight test data of the supervised system.
20. The system according to any of the preceding clauses, wherein the supervised system is supervised by at least one of the ARINC 664 standard, the ARINC 429 standard or the ARINC 653 standard.

Claims (10)

1. A system for runtime write access to data of a supervised system, comprising:
a data store having limited write access;
an authorized writer communicatively connected with the data store and authorized to have write access to the data store by generating a runtime instruction communication conveyed from the authorized writer to the data store, the runtime instruction communication defining authorized data to write to the data store; and
a flexible writer that is not authorized to have write access to the data store and that is adapted to receive unauthorized data input, the flexible writer communicatively connected with the authorized writer and configured to:
instruct the authorized writer to generate the runtime instruction communication; and
replace the runtime instruction communication with the unauthorized data input during transport from the authorized writer to the data store to commit the unauthorized data input to the data store.
2. The system of claim 1, wherein the supervised system is an avionics system.
3. The system of claim 2, wherein the avionics system is at least one of a flight management system or an airport surface map system.
4. The system of claim 1, wherein the system is a test system, a debug system, or an analysis system.
5. The system of claim 1, wherein the unauthorized data input is a supervised system parameter, and the flexible writer is configured to overwrite the supervised system parameter by replacing the runtime instruction communication.
6. The system of claim 1, wherein said supervised system is supervised by at least one of the ARINC 664 standard, the ARINC 429 standard, or the ARINC 653 standard.
7. A method of writing an unauthorized parameter to a write-access-restricted data store of a runtime supervised system, the method comprising:
receiving the unauthorized parameter by a flexible writer function that is not authorized to write to the data store;
instructing, by the flexible writer function, an authorized writer function to generate a runtime instruction communication authorized to write to the data store;
replacing the runtime instruction communication with a replacement communication that includes the unauthorized parameter during transport from the authorized writer function to the data store; and
executing the replacement communication and writing the unauthorized parameter to the data store.
8. The method of claim 7, wherein the data store comprises a predefined parameter memory access, and wherein replacing the runtime instruction communication comprises encoding the unauthorized parameter according to a data store configuration file of write instructions that informs the predefined parameter memory access.
9. The method of claim 7, wherein replacing the runtime instruction communication comprises at least one of: modifying the runtime instruction communication to include the unauthorized parameter, injecting the runtime instruction communication with the unauthorized parameter, or intercepting the runtime instruction communication.
10. The method of claim 7, wherein executing the replacement communication comprises executing the replacement communication based at least on an assumption that the replacement communication is an authorized communication.
CN201910905289.4A 2018-09-25 2019-09-24 System and method for flexibly writing internal data of a managed system Active CN110941572B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201862735885P 2018-09-25 2018-09-25
US62/735,885 2018-09-25

Publications (2)

Publication Number Publication Date
CN110941572A true CN110941572A (en) 2020-03-31
CN110941572B CN110941572B (en) 2023-07-21

Family

ID=68104370

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910905289.4A Active CN110941572B (en) 2018-09-25 2019-09-24 System and method for flexibly writing internal data of a managed system

Country Status (3)

Country Link
US (2) US11614871B2 (en)
EP (1) EP3629208B1 (en)
CN (1) CN110941572B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114201228A (en) * 2020-09-02 2022-03-18 通用电气航空系统有限责任公司 System and method for flexible read-write access for managed systems

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11698794B2 (en) 2020-09-02 2023-07-11 Ge Aviation Systems Llc Systems and method for flexible access of a regulated system


Also Published As

Publication number Publication date
EP3629208A1 (en) 2020-04-01
US20200097196A1 (en) 2020-03-26
US11614871B2 (en) 2023-03-28
EP3629208B1 (en) 2021-11-10
US20230229320A1 (en) 2023-07-20
CN110941572B (en) 2023-07-21


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
Inventor after: Joachim Karl Wolfe Hokvart; Antonio Lugo Trejo; Victor Mario Leiar Herrera; Terrell Michael Brees; Christian Reynolds Decker
Inventor before: Joachim Karl Wolfe Hokvart; Antonio Lugo Trejo; Victor Mario Leiar Herrera; Terrell Lee Blaise; Christian Reynolds Decker
GR01 Patent grant